[CentOS] Why yum-cron is only at x86_64 system?

2009-06-02 Thread MontyRee

Hello, all.
 
 
I have operated centos 4.x and 5.x system.
 
for 4.x system, I auto update using yum
and for 5.x system, using yum-cron.
 
but I can't find any yum-cron package (i386) like below.
 
# yum search yum-cron(at i686, centos 5.3)

Warning: No matches found for: yum-cron
No Matches found

# yum search yum-cron(at x86_64, centos 5.3)
 Matched: yum-cron 
=
yum-cron.noarch : Files needed to run yum updates as a cron job

 
I don't know why the result was different?
 
 
Thanks in advance.
 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Why yum-cron is only at x86_64 system?

2009-06-02 Thread Michael A. Peters
MontyRee wrote:
> Hello, all.
> 
> 
> I have operated centos 4.x and 5.x system.
> 
> for 4.x system, I auto update using yum and for 5.x system, using
> yum-cron.
> 
> but I can't find any yum-cron package (i386) like below.
> 
> # yum search yum-cron(at i686, centos 5.3)
> 
> Warning: No matches found for: yum-cron No Matches found
> 
> # yum search yum-cron(at x86_64, centos 5.3) 
>  Matched:
> yum-cron = 
> yum-cron.noarch : Files needed to run yum updates as a cron job
> 
> 
> I don't know why the result was different?
> 
> 
> Thanks in advance.

To the best of my knowledge, yum-cron is deprecated and has been
replaced with an update daemon of its own.


Re: [CentOS] Why yum-cron is only at x86_64 system?

2009-06-02 Thread Karanbir Singh
On 06/02/2009 09:19 AM, MontyRee wrote:
> # yum search yum-cron(at i686, centos 5.3)
> 
> Warning: No matches found for: yum-cron
> No Matches found

yum-cron has a bit of history really.

But in a nutshell, do you need yum-cron to do something that can't be done
with yum-updatesd itself? Make sure you look at the -o option before
deciding :)

- KB


Re: [CentOS] Why yum-cron is only at x86_64 system?

2009-06-02 Thread Sebastian Szary
2009/6/2 Michael A. Peters 

> MontyRee wrote:
> > Hello, all.
> >
> >
> > I have operated centos 4.x and 5.x system.
> >
> > for 4.x system, I auto update using yum and for 5.x system, using
> > yum-cron.
> >
> > but I can't find any yum-cron package (i386) like below.
> >
> > # yum search yum-cron(at i686, centos 5.3)
> >
> > Warning: No matches found for: yum-cron No Matches found
> >
> > # yum search yum-cron(at x86_64, centos 5.3)
> >  Matched:
> > yum-cron =
> > yum-cron.noarch : Files needed to run yum updates as a cron job
> >
> >
> > I don't know why the result was different?
> >
> >
> > Thanks in advance.
>
> To the best of my knowledge, yum-cron is deprecated and has been
> replaced with an update daemon of its own.


Yeah, exactly.
Check yum-updatesd and /etc/yum/yum-updatesd.conf

Best Regards.

-- 
Sebastian "Greyer" Szary
Mail: sebastian [at] szary.org
GG: 2046115 || JID: sebast...@szary.org
GSM: +48 606-436-346
IRCNet: #radom !ekg2
FreeNode: #gentoo-pl, #opensolaris-pl


Re: [CentOS] Changing a user's shell on CentOS Directory Server?

2009-06-02 Thread Ralph Angenendt
Matt Harrington wrote:
> Should unprivileged users be able to change their shell with lchsh on
> 5.3 and, if it matters, CentOS Directory Server?  lchsh seems to
> require more open permissions than those which come with a default
> installation:
> 
>  Error initializing libuser: could not open configuration file
> `/etc/default/useradd': Permission denied.

lchsh and lchfn aren't setuid root on CentOS/RHEL systems, so they
cannot open this file. I have no idea if this is intentional, a
discussion on upstream's bugzilla -
 - advises against
that.

You should open a bug on bugzilla.redhat.com against either libuser
(where lchsh comes from) or against shadow-utils to make the useradd
file readable for others at least.

It would be nice if you could tell us the bugzilla ID here, then.

Cheers,

Ralph




[CentOS] how to disable lots of auditd messages?

2009-06-02 Thread MontyRee

hello all.
 
My system is centos 5.x and there is no module related auditd
there is no process(daemon) related auditd and selinux definitely disabled.
 
But I can see lots of auditd messages like below. 
 
Oct 20 02:01:01 linux kernel: type=1106 audit(1224435661.064:65210): user 
pid=25860 uid=0 auid=0 msg='PAM: session close acct="root" : 
exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

 
Is there any way to disable these messages?
if I should change /etc/audit/auditd.conf file, 
please let me know which config should I change.
 
 
Thanks in advance.


[CentOS] release/update question

2009-06-02 Thread Matthias Leopold
hi,

since i don't use centos very heavily i'm not too familiar with the
centos/rhel release/update process (and i didn't do much research on this):

is it normal behavior that through the use of "yum update" systems are
forced to follow the point releases of a major release (5.0 -> 5.1 ->
5.2, etc)? is there a way and would it make sense to stay within one
particular release and receive only security updates? or is this
question pointless because point releases _are_ only security updates?

thx for teaching a debian user

matthias


[CentOS] NetworkManager, Vpnc and Centos 5.3 Problem.

2009-06-02 Thread Abdullah Teke
Hi;
I have Centos 5.3 on my laptop and have to vpn a cisco vpn server. So I
installed vpnc on my box. Then I want to integrate with NetworkManager and
vpnc so I also installed NetworkManager-vpnc 7.0. I configured vpn
connection and tried to connect. It looks like it connected but when I try
to login my server at behind of the vpn server, I can't reach them. I check
the routes and it looks like at below.

[r...@localhost sysconfig]# route
Destination      Gateway    Genmask          Flags  Metric  Ref  Use  Iface
xxx.xxx.xxx.xxx  10.15.1.1  255.255.255.255  UGH    0       0    0    eth0
10.255.0.136     *          255.255.255.248  U      0       0    0    tun0
10.15.0.0        *          255.255.0.0      U      1       0    0    eth0
default          *          0.0.0.0          U      0       0    0    tun0

When I check the log files everything seems ok at all.

Jun  2 14:43:46 localhost NetworkManager:   Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...
Jun  2 14:43:46 localhost NetworkManager:   VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 22320
Jun  2 14:43:46 localhost NetworkManager:   VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Jun  2 14:43:46 localhost NetworkManager:   VPN plugin state changed: 1
Jun  2 14:43:46 localhost NetworkManager:   VPN plugin state changed: 3
Jun  2 14:43:46 localhost NetworkManager:   VPN connection 'x' (Connect) reply received.
Jun  2 14:43:47 localhost NetworkManager:   VPN connection 'x' (IP Config Get) reply received.
Jun  2 14:43:47 localhost NetworkManager:   VPN Gateway: xxx.xxx.xxx.xxx
Jun  2 14:43:47 localhost NetworkManager:   Tunnel Device: tun0
Jun  2 14:43:47 localhost NetworkManager:   Internal IP4 Address: 10.255.0.89
Jun  2 14:43:47 localhost NetworkManager:   Internal IP4 Prefix: 29
Jun  2 14:43:47 localhost NetworkManager:   Internal IP4 Point-to-Point Address: 10.255.0.89
Jun  2 14:43:47 localhost NetworkManager:   Maximum Segment Size (MSS): 0
Jun  2 14:43:47 localhost NetworkManager:   Internal IP4 DNS: 192.168.90.51
Jun  2 14:43:47 localhost NetworkManager:   DNS Domain: '(none)'
Jun  2 14:43:47 localhost NetworkManager:   Login Banner:
Jun  2 14:43:47 localhost NetworkManager: -
Jun  2 14:43:47 localhost NetworkManager:   (null)
Jun  2 14:43:47 localhost NetworkManager: -
Jun  2 14:43:48 localhost NetworkManager:   VPN connection 'x' (IP Config Get) complete.
Jun  2 14:43:48 localhost NetworkManager:   Policy set 'System eth0' (eth0) as default for routing and DNS.
Jun  2 14:43:48 localhost NetworkManager:   VPN plugin state changed: 4



Then I tried at the console and ran the vpnc command and entered the vpn
information from the command line like below, and it worked.

[r...@localhost sysconfig]# vpnc
Enter IPSec gateway address: xxx.xxx.xxx.xxx
Enter IPSec ID for xxx.xxx.xxx.xxx: xxx
Enter IPSec secret for x...@xxx.xxx.xxx.xxx
Enter username for xxx.xxx.xxx.xxx: xxx-xxx
Enter password for xxx-...@xxx.xxx.xxx.xxx
VPNC started in background (pid: 19071)...

I can reach my servers. There isn't any error while trying with networkmanager
vpnc, but it can't actually connect. When I looked at the routes again, they
showed the same values. Any idea?

-- 
Abdullah Teke
---
abdullaht...@gmail.com
www.abdullahteke.com


Re: [CentOS] release/update question

2009-06-02 Thread Renato de Oliveira Diogo
Hi

The major release of CentOS/RHEL is from 5.x -> 6.x.
The 5.0 -> 5.1 -> 5.2 ... is a security update, and all share the
same repository, and the line of version of the packages is to update.
In some package cases it is a major update because of a security update, e.g.
firefox 1.5 to 3.0. Mozilla has not maintained 1.5 for a long time...

[]s

Renato de Oliveira Diogo

Bachelor of Computer Science
UNESP - Bauru

LPIC1 - Linux Professional Institute Certification - Level 1

renato.di...@gmail.com
renato.di...@yahoo.com.br



On Tue, Jun 2, 2009 at 08:56, Matthias Leopold  wrote:
> hi,
>
> since i don't use centos very heavily i'm not too familiar with the
> centos/rhel release/update process (and i didn't do much research on this):
>
> is it normal behavior that through the use of "yum update" systems are
> forced to follow the point releases of a major release (5.0 -> 5.1 ->
> 5.2, etc)? is there a way and would it make sense to stay within one
> particular release and receive only security updates? or is this
> question pointless because point releases _are_ only security updates?
>
> thx for teaching a debian user
>
> matthias


Re: [CentOS] release/update question

2009-06-02 Thread Kai Schaetzl
Matthias Leopold wrote on Tue, 02 Jun 2009 13:56:47 +0200:

> is it normal behavior that through the use of "yum update" systems are
> forced to follow the point releases of a major release (5.0 -> 5.1 ->
> 5.2, etc)? is there a way and would it make sense to stay within one
> particular release and receive only security updates?

The whole thing is an evergoing update process from 5.0 release to EOL. 
Point releases are just freezes in time. There are no "special" updates 
for point releases, only for the "current" release.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





Re: [CentOS] how to disable lots of auditd messages?

2009-06-02 Thread Nicolas Thierry-Mieg

MontyRee wrote:
> hello all.
>  
> My system is centos 5.x and there is no module related auditd
> there is no process(daemon) related auditd and selinux definitely disabled.
>  
> But I can see lots of auditd messages like below. 
>  
> Oct 20 02:01:01 linux kernel: type=1106 audit(1224435661.064:65210): user 
> pid=25860 uid=0 auid=0 msg='PAM: session close acct="root" : 
> exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
> 
>  
> Is there any way to disable these messages?

not sure if this is a good thing to do, but you can remove the audit 
package, and/or add audit=0 as a kernel option in grub.conf.


[CentOS] Dovecot under brute force attack - nice attacker

2009-06-02 Thread henry ritzlmayr
Hi List, 

optimizing the configuration on one of our servers (which was
hit by a brute force attack on dovecot) showed an odd behavior. 

The short story:
On one of our servers an attacker did a brute force 
attack on dovecot (pop3). 
Since the attacker closed and reopened the connection 
after every user/password combination the logs showed 
many lines like this:
dovecot: pop3-login: Aborted login: user=,..

The problem:
If the attacker wouldn't have closed and reopened the connection
no log would have been generated and he/she would have endless 
tries. Not even an iptables/hashlimit or fail2ban would have kicked in.

How to reproduce:
telnet dovecot-server pop3
user test
pass test1
user test
pass test2
...
QUIT
->Only the last try gets logged.

Question: 
Is there any way to close the connection after the 
first wrong user/pass combination. So an attacker would be forced 
to reopen it?

Any other Ideas?
Henry



Re: [CentOS] release/update question

2009-06-02 Thread Radu-Cristian FOTESCU


--- On Tue, 6/2/09, Kai Schaetzl  wrote:
> Point releases are just freezes in time. There are no
> "special" updates for point releases, only for the 
> "current" release.

This is what we all *believe* we know (e.g. "5"-current is now "5.3"+updates). 
However, TUV seems to have had a different opinion at some point in the past, 
or at least this is what Johnny understood. Read carefully this:
http://bugs.centos.org/view.php?id=2481

Excerpts:
==
we are trying something new to correspond to an upcoming 5.y.z release scheme 
from upstream.

in the scheme, there will be a 5.1.z and 5.2.z tree ... those trees will be 
available for an extended period of time (5.1 and 5.2 ... each with different 
updates).
==
we are not exactly sure how or even when upstream will do this z tree thing
==
we do not have any intention of doing 5.1.1 or 5.1.2, just 5.1 ... and 
maintaining it while it is maintained upstream.
==
Also, we do not plan to - as Johnny has already pointed out - do any 5.1.1 or 
5.1.2 or 5.1.3 releases, since again that would be counter productive and leave 
users with a false sense of security thinking they have the latest patch levels 
for each machine - when they might not.
==

So there *should* have existed:
* 5.1-only updates issued post-5.2;
* 5.1-only and 5.2-only updates issued post-5.3;
etc.

AFAIK, this never happened. Is the 5.x.z tree concept dead-before-birth?!

Thanks,
R-C





Re: [CentOS] release/update question

2009-06-02 Thread Ralph Angenendt
Radu-Cristian FOTESCU wrote:
> AFAIK, this never happened. Is the 5.x.z tree concept dead-before-birth?!

For CentOS: Yes.

For Upstream: Ask Red Hat.

Ralph




[CentOS] CentOS Pulse - The Bi-weekly CentOS Newsletter #0901

2009-06-02 Thread Dag Wieers
Hi,

I am pleased to announce the first edition of the bi-weekly CentOS 
newsletter which we dubbed "CentOS Pulse".


This first issue centers around improving communication within the CentOS 
community and how that relates to the CentOS Promo SIG. We also look at 
the recent announcements regarding the CentOS LiveCD and the CentOS 
Directory Server. And dive into interesting community threads and the 
latest CentOS security updates.

You can read the newsletter at:

http://wiki.centos.org/Newsletter/0901


If you want to get an update every time we release a new newsletter issue, 
you can subscribe to the newly created and low-traffic 
centos-newsletter mailing list at:

http://lists.centos.org/mailman/listinfo/centos-newsletter


The project team considers the CentOS Newsletter an important tool to 
communicate directly with the community. It is run by the community to 
collect interesting bits from the wiki, mailing list, forums, SIGs and 
other sources, and put them into the spotlight.

More information about the newsletter and how you can contribute is 
available from:

http://wiki.centos.org/Newsletter

Happy reading !
-- 
--   dag wieers,  d...@wieers.com,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]


Re: [CentOS] release/update question

2009-06-02 Thread Karanbir Singh
On 06/02/2009 02:27 PM, Radu-Cristian FOTESCU wrote:
> So there *should* have existed:
> * 5.1-only updates issued post-5.2;
> * 5.1-only and 5.2-only updates issued post-5.3;
> etc.

go back and reread the entire list of comments. You seem quite confused 
about what should and should not exist.

- KB



Re: [CentOS] release/update question

2009-06-02 Thread Radu-Cristian FOTESCU

--- On Tue, 6/2/09, Karanbir Singh  wrote:
> > 
> > So there *should* have existed:
> > * 5.1-only updates issued post-5.2;
> > * 5.1-only and 5.2-only updates issued post-5.3;
> > etc.
> 
> go back and reread the entire list of comments. 
> You seem quite confused 
> about what should and should not exist.

And you seem (as usual) only too kind to enlighten the ignorant. 

Thank you,
R-C





Re: [CentOS] release/update question

2009-06-02 Thread Radu-Cristian FOTESCU

--- On Tue, 6/2/09, Ralph Angenendt  wrote:
> 
> For CentOS: Yes.

But Karanbir says I seem "quite confused about what should and should not 
exist." How can you answer correctly to an incorrect question raised by a 
confused ignorant?
 
> For Upstream: Ask Red Hat.

I was hoping *you* (some of you are sysadmins at companies that also use RHEL, 
not just CentOS) are better suited to already know whether TUV has or has not 
implemented that schema.

Sigh. Mailing lists. Back in 1996, Marc Ewing answered me personally to a 
hardware issue I had with RH 3.0.3, but in 2009 people prefer to twaddle and 
give non-answers. Sigh.

Thank you,
R-C





Re: [CentOS] release/update question

2009-06-02 Thread Dag Wieers
On Tue, 2 Jun 2009, Radu-Cristian FOTESCU wrote:

>> For CentOS: Yes.
>
> But Karanbir says I seem "quite confused about what should and should not 
> exist." How can you answer correctly to an incorrect question raised by a 
> confused ignorant?
>
>> For Upstream: Ask Red Hat.
>
> I was hoping *you* (some of you are sysadmins at companies that also use 
> RHEL, not just CentOS) are better suited to already know whether TUV has or 
> has not implemented that schema.
>
> Sigh. Mailing lists. Back in 1996, Marc Ewing answered me personally to a 
> hardware issue I had with RH 3.0.3, but in 2009 people prefer to twaddle and 
> give non-answers. Sigh.

Hey Radu-Cristian,

Communication problems are usually caused by both sides. If both the 
sender as well as the receiver are in the same context, communication is 
without errors. Transferring context is usually where it fails :)

Anyhow, the CentOS project decided in the past that providing EUS 
(z-channel) packages would add too much complexity for little gain and 
that users that really need this functionality in their environment 
probably are better off with support from Red Hat as well.

Besides the EUS source RPM packages are not released to the public, so you 
need those expensive entitlements to be able to rebuild them. So it seems 
a fair decision. (I am sure that if I am misrepresenting something, I will 
be corrected asap :-))

I can only assume that Johnny's response was before this decision was 
taken. So nothing is contradicting, you just have old information and new 
information.

Kind regards,
-- 
--   dag wieers,  d...@centos.org,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]


[CentOS] Rhel mysql Vs Mysql Community Edition

2009-06-02 Thread Thomas Beugin
Hi :)

Sorry for my bad english i'm a frenchi...

I have a little question about mysql.

What is the difference between mysql-server in centos vs the rpm build
by Sun ( Mysql community edition)

RedHat apply homemade patch or they only backport Sun patch?




Cordialement,
Beugin Thomas


Re: [CentOS] Dovecot under brute force attack - nice attacker

2009-06-02 Thread Kai Schaetzl
Henry ritzlmayr wrote on Tue, 02 Jun 2009 14:51:23 +0200:

> ->Only the last try gets logged.

can't reproduce this. The following was done in one connection to 
localhost.

Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
unknown
Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=:::127.0.0.1
Jun  2 17:09:10 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error 
retrieving information about user bongo

Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
unknown
Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=:::127.0.0.1
Jun  2 17:09:30 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error 
retrieving information about user bongo2


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
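
Added example, not part of any message in this thread: where every failed attempt produces a pam_unix "authentication failure" line as in the excerpt above, failures can be counted per remote host no matter how many connections were used. The sample log is constructed; the year, the threshold, the window, the `::ffff:` IPv4-mapped form of rhost and all function names are assumptions of this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample in the format of the dovecot-auth lines quoted above.
# Addresses come from the documentation ranges; none are from the thread.
SAMPLE_LOG = """\
Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:192.0.2.10
Jun  2 17:09:10 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user bongo
Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:192.0.2.10
Jun  2 17:09:41 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:192.0.2.10  user=test
Jun  2 17:10:02 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:192.0.2.10  user=test
Jun  2 17:15:00 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=198.51.100.7  user=alice
Jun  2 17:45:00 d01 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=198.51.100.7  user=alice
"""

# Only the pam_unix failure line carries rhost; "check pass" and
# pam_succeed_if lines for the same attempt are ignored so that one
# attempt is counted once.
FAILURE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+dovecot-auth: "
    r"pam_unix\(dovecot:auth\): authentication failure;"
    r".*?\brhost=(?P<rhost>\S*)(?:\s+user=(?P<user>\S+))?"
)


def normalise_host(raw):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4 so one
    client is not counted under two different keys."""
    try:
        addr = ip_address(raw)
    except ValueError:
        return raw or "(local)"   # hostname, or empty rhost
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr)


def parse_failures(log_text, year=2009):
    """Yield (timestamp, host, user) per failed attempt.

    Syslog timestamps carry no year, so the caller supplies one
    (assumption). user is None when PAM did not log a known account.
    """
    for line in log_text.splitlines():
        m = FAILURE_RE.match(line)
        if not m:
            continue
        stamp = " ".join(m["stamp"].split())   # collapse "Jun  2"
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield when, normalise_host(m["rhost"]), m["user"]


def find_offenders(events, max_failures=3, window=timedelta(minutes=10)):
    """Return {host: time the threshold was first reached} for hosts with
    at least max_failures failures inside one sliding window."""
    recent = defaultdict(deque)
    offenders = {}
    for when, host, _user in sorted(events, key=lambda e: e[0]):
        q = recent[host]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and host not in offenders:
            offenders[host] = when
    return offenders


if __name__ == "__main__":
    for host, when in find_offenders(parse_failures(SAMPLE_LOG)).items():
        print(f"{host} reached the failure threshold at {when}")
```

The same counting only works if the service actually emits one line per attempt, which is the point the two posts above disagree on; checking that against your own log is the first step.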





Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread Chris Boyd

On Jun 1, 2009, at 9:52 PM, Michael A. Peters wrote:

> I've read a lot of different reports that suggest at this point in  
> time,
> kernel software raid is in most cases better than controller raid.

I manage systems with both.

I like hardware RAID controllers.  Yes, they do cost money up front,  
but when you have a failure you can get a replacement drive, give it  
to a low level tech, and say "Go to server A41, pull the drive with  
the solid red light and plug this one in."  Then the controller will  
take over, format the drive and put it back into service.

With software RAID, you have to have a sysadmin log in to the box and  
do rootly things that require careful thought :-)

When these events are happening in the wee hours and there are other  
possible human factors like fatigue or stress, the first scenario is  
less risky and costly in the long run.

--Chris


Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread Ross Walker
On Mon, Jun 1, 2009 at 10:52 PM, Michael A. Peters  wrote:
> -=- starting as new thread as it is off topic from controller thread -=-
>
> Ross Walker wrote:
>
>  >
>  > The real key is the controller though. Get one that can do hardware
>  > RAID1/10, 5/50, 6/60, if it can do both SATA and SAS even better and
>  > get a battery backed write-back cache, the bigger the better, 256MB
>  > good, 512MB better, 1GB best.
>
> I've read a lot of different reports that suggest at this point in time,
> kernel software raid is in most cases better than controller raid.
>
> The basic argument seems to be that CPU's are fast enough now that the
> limitation on throughput is the drive itself, and that SATA resolved the
> bottleneck that PATA caused with kernel raid. The arguments then go on
> to give numerous examples where a failing hardware raid controller
> CAUSED data loss, where a raid card died and an identical raid card had
> to be scrounged from eBay to even read the data on the drives, etc. -
> problems that apparently don't happen with kernel software raid.
>
> The main exception I've seen to using software raid are high
> availability setups where a separate external unit ($$$) provides the
> same hard disk to multiple servers. Then the raid can't really be in the
> kernel but has to be in the hardware.
>
> I'd be very interested in hearing opinions on this subject.

The real reason I use hardware RAID is the write-back cache. Nothing
beats it for sheer write performance.

Hell I don't even use the on-board RAID. I just export the drives as
individual RAID0 disks, readable with a straight SAS controller if
need be, and use ZFS for RAID. ZFS only has to resilver the existing
data and not the whole drive on a drive failure which reduces the
double failure window significantly and the added parity checking on
each block gives me peace of mind that the data is uncorrupted. The
512MB of write back cache makes the ZFS logging fly without having to
buy in to expensive SSD drives.

I might explore using straight SAS controllers and MPIO with SSD
drives for logging in the future once ZFS gets a way to disassociate a
logging device from a storage pool after it's been associated in case
the SSD device fails.

But now things are way off topic.

-Ross


[CentOS] CentOS-announce Digest, Vol 52, Issue 1

2009-06-02 Thread centos-announce-request
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. New Mailing List: CentOS Newsletter announcements
  (Ralph Angenendt)


--

Message: 1
Date: Tue, 2 Jun 2009 15:49:19 +0200
From: Ralph Angenendt 
Subject: [CentOS-announce] New Mailing List: CentOS Newsletter
announcements
To: centos-annou...@centos.org
Message-ID: <20090602134917.ga21...@br-online.de>
Content-Type: text/plain; charset="us-ascii"

Hi,

Dag Wieers announced the first bi-weekly CentOS Newsletter today:

<http://lists.centos.org/pipermail/centos-newsletter/2009-June/00.html>

This Newsletter is considered as an important interface between the
CentOS team and the CentOS community.

If you want to be informed when a new newsletter comes out, you can
subscribe to the newly created CentOS-Newsletter announcement list - the
Newsletter itself is only available on the CentOS wiki.

<http://lists.centos.org/mailman/listinfo/centos-newsletter>

This is not a discussion list, but is only used for newsletter
announcements, which makes it a low traffic list.

On behalf of the CentOS team,

Ralph Angenendt
 

--

___
CentOS-announce mailing list
centos-annou...@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 52, Issue 1
**


Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread Gordon Messmer
On 06/01/2009 07:52 PM, Michael A. Peters wrote:
>
> I've read a lot of different reports that suggest at this point in time,
> kernel software raid is in most cases better than controller raid.

There are certainly a lot of people who feel that way.  It depends on 
what your priorities are.  Hardware RAID has the advantage of offloading 
some calculations from the CPU, and has a write cache which can decrease 
memory use.  However, both of those are relatively expensive, and 
there's no clear evidence that your money is better put into the RAID 
card than into faster CPU and more memory.  Another important 
consideration is that hardware RAID will (must!) have a battery backup 
so that any scheduled writes can be completed later in the case of power 
loss.  If you decide to use software RAID, I would strongly advise you 
to use a UPS, and to make sure your system monitors it and shuts down in 
the event of power loss.


Re: [CentOS] CentOS Pulse - The Bi-weekly CentOS Newsletter #0901

2009-06-02 Thread Lanny Marcus
On Tue, Jun 2, 2009 at 8:41 AM, Dag Wieers  wrote:
> I am pleased to announce the first edition of the bi-weekly CentOS
> newsletter which we dubbed "CentOS Pulse".

Dag: I read the first issue. Great idea! Please post here, each time
you post a new edition. Lanny


Re: [CentOS] Not received any E-MAIl from listserve???

2009-06-02 Thread Bo Lynch
On Tue, June 2, 2009 1:48 pm, mcclnx mcc wrote:
>
>
> I have been a while did NOT received E-MAIL from "centos" listserv.  Any
> problem on CENTOS listserv?
>
>
>

No Prob here. Been receiving mail. Might want to check spam filter.

Bo Lynch




Re: [CentOS] Not received any E-MAIl from listserve???

2009-06-02 Thread Ralph Angenendt
mcclnx mcc wrote:
>
>
> I have been a while did NOT received E-MAIL from "centos" listserv.
> Any problem on CENTOS listserv?

No. I would be interested if you get this mail, though :)

Ralph



Re: [CentOS] CentOS Pulse - The Bi-weekly CentOS Newsletter #0901

2009-06-02 Thread Dag Wieers
On Tue, 2 Jun 2009, Lanny Marcus wrote:

> On Tue, Jun 2, 2009 at 8:41 AM, Dag Wieers  wrote:
>
>> I am pleased to announce the first edition of the bi-weekly CentOS
>> newsletter which we dubbed "CentOS Pulse".
>
> 
> Dag: I read the first issue. Great idea! Please post here, each time
> you post a new edition. Lanny

Lanny,

The idea was not necessarily mine though. It has been requested a few 
times and just needed to be done. Although I hope that after some time 
we have a group of people contributing and my role will become small or 
taken by others.

For the announcements, I don't know if this is the right location to send 
them to. We have set up a centos-newsletter mailing list for this purpose 
so people can opt in on these announcements, regardless if they follow 
this mailing list or not.

-- 
--   dag wieers,  d...@centos.org,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]


Re: [CentOS] release/update question

2009-06-02 Thread Radu-Cristian FOTESCU

--- On Tue, 6/2/09, Dag Wieers  wrote:

> Communication problems are usually caused by both sides. 

Agreed. 

> Besides the EUS source RPM packages are not released
> to the public, so you need those expensive entitlements
> to be able to rebuild them. 

Eek. Never knew that. This looks more like SLES/SLED than like RHEL :-/

> So it seems a fair decision. 

I wasn't questioning CentOS's decision!

> So nothing is contradicting, you just have old
> information and new information.

Thank you very much!

Now that things are clarified... why is audacious broken in RPMforge?
"Missing Dependency: audacious-plugins >= 1.3.0 is needed by package 
audacious-1.3.2-5.el5.rf.i386 (rpmforge)"

Regards,
R-C





Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread Ross Walker
On Tue, Jun 2, 2009 at 12:59 PM, Gordon Messmer  wrote:
> On 06/01/2009 07:52 PM, Michael A. Peters wrote:
>>
>> I've read a lot of different reports that suggest at this point in time,
>> kernel software raid is in most cases better than controller raid.
>
> There are certainly a lot of people who feel that way.  It depends on
> what your priorities are.  Hardware RAID has the advantage of offloading
> some calculations from the CPU, and has a write cache which can decrease
> memory use.  However, both of those are relatively expensive, and
> there's no clear evidence that your money is better put into the RAID
> card than into faster CPU and more memory.  Another important
> consideration is that hardware RAID will (must!) have a battery backup
> so that any scheduled writes can be completed later in the case of power
> loss.  If you decide to use software RAID, I would strongly advise you
> to use a UPS, and to make sure your system monitors it and shuts down in
> the event of power loss.

I'd advise anybody who manages server equipment always UPS it. It's
not just power losses that can ruin your day, a power spike can take
out a power supply just as easily and a UPS conditions the power so
the output level is constant.

-Ross


Re: [CentOS] release/update question

2009-06-02 Thread Scott Silva
on 6-2-2009 1:53 PM Radu-Cristian FOTESCU spake the following:
> --- On Tue, 6/2/09, Dag Wieers  
> wrote:
> 
>> Communication problems are usually caused by both sides. 
> 
> Agreed. 
> 
>> Besides the EUS source RPM packages are not released
>> to the public, so you need those expensive entitlements
>> to be able to rebuild them. 
> 
> Eek. Never knew that. This looks more like SLES/SLED than like RHEL :-/
> 
>> So it seems a fair decision. 
> 
> I wasn't questioning CentOS's decision!
> 
>> So nothing is contradicting, you just have old
>> information and new information.
> 
> Thank you very much!
> 
> Now that things are clarified... why is audacious broken in RPMforge?
> "Missing Dependency: audacious-plugins >= 1.3.0 is needed by package 
> audacious-1.3.2-5.el5.rf.i386 (rpmforge)"
> 
Maybe this question is best asked on the rpmforge list, a separate entity from
CentOS.





Re: [CentOS] Rhel mysql Vs Mysql Community Edition

2009-06-02 Thread Robert Heller
At Tue, 2 Jun 2009 17:21:15 +0200 CentOS mailing list  wrote:

> 
> Hi :)
> 
> Sorry for my bad english i'm a frenchi...
> 
> I have a little question about mysql.
> 
> What is the difference between mysql-server in centos vs the rpm build
> by Sun ( Mysql community edition)
> 
> RedHat apply homemade patch or they only backport Sun patch?

No, probably just built under RHEL (or CentOS) rather than Fedora Core
or something.  It might be identical.  Or just a version or so behind to
insure stability over the lifetime of the RHEL/CentOS major version. 
Security patches will be 'back ported' and released as release updates
on the base version. If you use the rpms from the CentOS repository you
are guaranteed that things that depend on mysql-server won't break, but
all essential (security mostly) fixes will be implemented.

> 
> 
> 
> 
> Cordialement,
> Beugin Thomas

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/
  


Re: [CentOS] Dovecot under brute force attack - nice attacker

2009-06-02 Thread Scott Silva
on 6-2-2009 5:51 AM henry ritzlmayr spake the following:
> Hi List, 
> 
> optimizing the configuration on one of our servers (which was
> hit by a brute force attack on dovecot) showed an odd behavior. 
> 
> The short story:
> On one of our servers an attacker did a brute force 
> attack on dovecot (pop3). 
> Since the attacker closed and reopened the connection 
> after every user/password combination the logs showed 
> many lines like this:
> dovecot: pop3-login: Aborted login: user=,..
> 
> The problem:
> If the attacker wouldn't have closed and reopened the connection
> no log would have been generated and he/she would have endless 
> tries. Not even an iptables/hashlimit or fail2ban would have kicked in.
> 
> How to reproduce:
> telnet dovecot-server pop3
> user test
> pass test1
> user test
> pass test2
> ...
> QUIT
> ->Only the last try gets logged.
> 
> Question: 
> Is there any way to close the connection after the 
> first wrong user/pass combination. So an attacker would be forced 
> to reopen it?
> 
> Any other Ideas?
> Henry
Are you using the hopelessly outdated 0.99 dovecot package in CentOS 4 by any
chance?






[CentOS] how to debug random server reboots

2009-06-02 Thread Rudi Ahlers
Hi all,

One of our CentOS 5.3 randomly reboots, at different times of the day,
and I can't see why it's doing it.

I have looked through the logs, but don't see any thing in there that
shows me why it has rebooted. How can I debug this?

Here's a snippet from the log, around the time of the reboot:


Jun  2 14:59:59 usaxen02 kernel: EXT3-fs: mounted filesystem with ordered data mode.
Jun  2 15:00:06 usaxen02 kernel: kjournald starting.  Commit interval 5 seconds
Jun  2 15:00:06 usaxen02 kernel: EXT3 FS on dm-8, internal journal
Jun  2 15:00:06 usaxen02 kernel: EXT3-fs: mounted filesystem with ordered data mode.
Jun  2 15:00:39 usaxen02 kernel: device vifvenu0 entered promiscuous mode
Jun  2 15:00:39 usaxen02 kernel: ADDRCONF(NETDEV_UP): vifvenu0: link is not ready
Jun  2 21:00:39 usaxen02 logger: /etc/xen/scripts/vif-bridge: iptables -A FORWARD -m physdev --physdev-in vifvenu0 -s 72.9.241.226 72.9.241.227 72.9.241.232 72.9.247.207 -j ACCEPT failed. If you are using iptables, this may affect networking for guest domains.
Jun  2 15:00:43 usaxen02 kernel: blkback: ring-ref 8, event-channel 6, protocol 1 (x86_64-abi)
Jun  2 15:00:43 usaxen02 kernel: blkback: ring-ref 9, event-channel 7, protocol 1 (x86_64-abi)
Jun  2 15:00:43 usaxen02 kernel: ADDRCONF(NETDEV_CHANGE): vifvenu0: link becomes ready
Jun  2 15:00:43 usaxen02 kernel: xenbr1: topology change detected, propagating
Jun  2 15:00:43 usaxen02 kernel: xenbr1: port 5(vifvenu0) entering forwarding state
Jun  2 17:30:22 usaxen02 syslogd 1.4.1: restart.
Jun  2 17:30:22 usaxen02 kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jun  2 17:30:22 usaxen02 kernel: Bootdata ok (command line is ro root=/dev/VolGroup00/LogVol01 ide0=noprobe)
Jun  2 17:30:22 usaxen02 kernel: Linux version 2.6.18-128.1.10.el5xen (mockbu...@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)) #1 SMP Thu May 7 11:07:18 EDT 2009
Jun  2 17:30:22 usaxen02 kernel: BIOS-provided physical RAM map:
Jun  2 17:30:22 usaxen02 kernel:  Xen:  - 0001de804000 (usable)
Jun  2 17:30:22 usaxen02 kernel: DMI 2.4 present.
Jun  2 17:30:22 usaxen02 kernel: ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
Jun  2 17:30:22 usaxen02 kernel: ACPI: LAPIC (acpi_id[0x03] lapic_id[0x02] enabled)
Jun  2 17:30:22 usaxen02 kernel: ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
Jun  2 17:30:22 usaxen02 kernel: ACPI: LAPIC (acpi_id[0x04] lapic_id[0x03] enabled)
Jun  2 17:30:22 usaxen02 kernel: ACPI: LAPIC_NMI (acpi_id[0x01] dfl dfl lint[0x1])
Jun  2 17:30:22 usaxen02 kernel: ACPI: LAPIC_NMI (acpi_id[0x02] dfl dfl lint[0x1])
Jun  2 17:30:22 usaxen02 kernel: ACPI: IOAPIC (id[0x02] address[0xfec0] gsi_base[0])
Jun  2 17:30:22 usaxen02 kernel: IOAPIC[0]: apic_id 2, version 32, address 0xfec0, GSI 0-23
Jun  2 17:30:22 usaxen02 kernel: ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
Jun  2 17:30:22 usaxen02 kernel: ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
Jun  2 17:30:22 usaxen02 kernel: Setting APIC routing to xen
Jun  2 17:30:22 usaxen02 kernel: Using ACPI (MADT) for SMP configuration information
Jun  2 17:30:22 usaxen02 kernel: Allocating PCI resources starting at d400 (gap: d000:2ff0)


-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
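
An added example, not part of the original post: one way to read a log like the excerpt above is to find each kernel boot banner and check whether a shutdown sequence was logged before it. The marker strings for a clean shutdown, the year, and the second (clean) reboot in the sample are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Syslog line: "Mon DD HH:MM:SS host message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")
# The kernel banner marks a real boot ("syslogd ...: restart." alone can
# also appear when syslogd is merely signalled, e.g. on log rotation).
BOOT_MARKER = "kernel: Linux version "
# Assumption: messages an orderly shutdown leaves behind on this kind of host.
CLEAN_MARKERS = ("shutting down for system", "exiting on signal 15")

# First block: lines taken from the post's excerpt (wrapped lines rejoined).
# Second block: a constructed clean reboot, for contrast.
SAMPLE_LOG = """\
Jun  2 15:00:43 usaxen02 kernel: xenbr1: topology change detected, propagating
Jun  2 15:00:43 usaxen02 kernel: xenbr1: port 5(vifvenu0) entering forwarding state
Jun  2 17:30:22 usaxen02 syslogd 1.4.1: restart.
Jun  2 17:30:22 usaxen02 kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jun  2 17:30:22 usaxen02 kernel: Linux version 2.6.18-128.1.10.el5xen
Jun  3 09:00:01 usaxen02 shutdown[4242]: shutting down for system reboot
Jun  3 09:00:05 usaxen02 exiting on signal 15
Jun  3 09:02:10 usaxen02 syslogd 1.4.1: restart.
Jun  3 09:02:10 usaxen02 kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jun  3 09:02:10 usaxen02 kernel: Linux version 2.6.18-128.1.10.el5xen
"""


def parse(log_text, year=2009):
    """Return [(timestamp, message)]; syslog omits the year, so one is assumed."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation or malformed line
        stamp_text = " ".join(m.group(1).split())
        stamp = datetime.strptime(str(year) + " " + stamp_text, "%Y %b %d %H:%M:%S")
        rows.append((stamp, m.group(3)))
    return rows


def classify_boots(log_text, lookback=20):
    """For every boot banner, report the silence before it and whether a
    shutdown sequence was logged since the previous boot."""
    rows = parse(log_text)
    boots = []
    prev_boot = -1
    for i, (stamp, msg) in enumerate(rows):
        if not msg.startswith(BOOT_MARKER):
            continue
        # Skip the boot's own preamble (syslogd/klogd start, same second).
        j = i - 1
        while j > prev_boot and rows[j][0] == stamp:
            j -= 1
        if j > prev_boot:
            start = max(prev_boot + 1, j - lookback + 1)
            window = rows[start:j + 1]
            clean = any(mark in m for _, m in window for mark in CLEAN_MARKERS)
            boots.append({
                "boot": stamp,
                "last_message_before": rows[j][0],
                "silent_for": stamp - rows[j][0],
                "clean_shutdown_logged": clean,
            })
        prev_boot = i
    return boots


def check_sample():
    return classify_boots(SAMPLE_LOG)


if __name__ == "__main__":
    for b in check_sample():
        kind = "clean" if b["clean_shutdown_logged"] else "NO shutdown logged"
        print(b["boot"], "| silent for", b["silent_for"], "|", kind)
```

A boot with no shutdown messages before it, as on Jun 2 here, means the machine went down without the OS taking part (power, hardware reset, or a panic that never reached disk).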


Re: [CentOS] how to debug random server reboots

2009-06-02 Thread Scott Silva
on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
> Hi all,
> 
> One of our CentOS 5.3 randomly reboots, at different times of the day,
> and I can't see why it's doing it.
> 
> I have looked through the logs, but don't see any thing in there that
> shows me why it has rebooted. How can I debug this?
> 
> Here's a snipped from the log, around the time of the reboot:
> 
> 

Random reboots can happen fast enough that nothing gets into the logs. You can
try setting up a console and have the system post there. It sometimes catches
things.

But until then I would do the obvious... Make sure the system is clean and not
overheating from "dust bunnies" filling up the chassis.

Remove and re-seat all cards and ram. Make sure all fans are working. Run
memtest overnight if possible. Look back to when the reboots started and see
if something was added or upgraded.





Re: [CentOS] how to debug random server reboots

2009-06-02 Thread Rudi Ahlers
On 6/2/09, Scott Silva  wrote:
> on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
>> Hi all,
>>
>> One of our CentOS 5.3 randomly reboots, at different times of the day,
>> and I can't see why it's doing it.
>>
>> I have looked through the logs, but don't see any thing in there that
>> shows me why it has rebooted. How can I debug this?
>>
>> Here's a snipped from the log, around the time of the reboot:
>>
>>
> 
> Random reboots can happen fast enough that nothing gets into the logs. You
> can
> try setting up a console and have the system post there. It sometimes
> catches
> things.
>
> But until then I would do the obvious... Make sure the system is clean and
> not
> overheating from "dust bunnies" filling up the chassis.
>
> Remove and re-seat all cards and ram. Make sure all fans are working. Run
> memtest overnight if possible. Look back to when the reboots started and see
> if something was added or upgraded.
>
>

Hi Scott, the server is in the USA, and I'm in ZA. I've been trying to
get the IDC to look into the problem, but they're not very helpful and
reckon I need to check my software. I know the "server" runs desktop
hardware, so it could be a hardware problem, but they don't seem to
think so.

So, I'm trying to do everything I can, from my side, via SSH to see if
I can figure it out.

-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] how to debug random server reboots

2009-06-02 Thread Frank Cox
On Tue, 02 Jun 2009 23:46:39 +0200
Rudi Ahlers wrote:

> So, I'm trying todo everything I can, from my side, via SSH to see if
> I can figure it out.

If it's a hardware-related issue, as Scott suggested, you can spend all the
time you want fiddling around with the software and you'll never solve the
problem.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com


Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread Chan Chung Hang Christopher

> I've read a lot of different reports that suggest at this point in time, 
> kernel software raid is in most cases better than controller raid.
>   
Let me define 'most cases' for you. Linux software raid can perform 
better or the same if you are using raid0/raid1/raid1+0 arrays. If you 
are using raid5/6 arrays, the more disks are involved, the better 
hardware raid (those with sufficient processing power and cache - a long 
time ago software raid 5 beat the pants off hardware raid cards based on 
Intel i960 chips) will perform.


I have already posted on this and there are links to performance tests 
on this very subject. Let me look for the post.


> The basic argument seems to be that CPU's are fast enough now that the 
> limitation on throughput is the drive itself, and that SATA resolved the 
> bottleneck that PATA caused with kernel raid. The arguments then go on 
>   
Complete bollocks. The bottleneck is not the drives themselves as 
whether it is SATA/PATA disk drive performance has not changed much 
which is why 15k RPM disks are still king. The bottleneck is the bus be 
it PCI-X or PCIe 16x/8x/4x or at least the latencies involved due to bus 
traffic.

> to give numerous examples where a failing hardware raid controller 
> CAUSED data loss, where a raid card died and an identical raid card had 
> to be scrounged from eBay to even read the data on the drives, etc. - 
> problems that apparently don't happen with kernel software raid.
>
>   
Buy extra cards. Duh. Easy solution for what can be a very rare problem.



Re: [CentOS] how to debug random server reboots

2009-06-02 Thread Scott Silva
on 6-2-2009 2:46 PM Rudi Ahlers spake the following:
> On 6/2/09, Scott Silva  wrote:
>> on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
>>> Hi all,
>>>
>>> One of our CentOS 5.3 randomly reboots, at different times of the day,
>>> and I can't see why it's doing it.
>>>
>>> I have looked through the logs, but don't see any thing in there that
>>> shows me why it has rebooted. How can I debug this?
>>>
>>> Here's a snipped from the log, around the time of the reboot:
>>>
>>>
>> 
>> Random reboots can happen fast enough that nothing gets into the logs. You
>> can
>> try setting up a console and have the system post there. It sometimes
>> catches
>> things.
>>
>> But until then I would do the obvious... Make sure the system is clean and
>> not
>> overheating from "dust bunnies" filling up the chassis.
>>
>> Remove and re-seat all cards and ram. Make sure all fans are working. Run
>> memtest overnight if possible. Look back to when the reboots started and see
>> if something was added or upgraded.
>>
>>
> 
> Hi Scott, the server is in the USA, and I'm in ZA. I've been trying to
> get the IDC to look into the problem, but they're not very helpful and
> recon I need to check my software. I know the "server" runs desktop
> hardware, so it could be a hardware problem, but they don't seem to
> think so.
> 
> So, I'm trying todo everything I can, from my side, via SSH to see if
> I can figure it out.
> 
Will the data center hang a serial port monitor on it for a while? Many of
them will do it for free, or a few dollars a day, and give you remote access
into it. Is it your server, or a lease/rental?






Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread John R Pierce
Chan Chung Hang Christopher wrote:
>> I've read a lot of different reports that suggest at this point in time, 
>> kernel software raid is in most cases better than controller raid.
>>   
>> 
> Let me define 'most cases' for you. Linux software raid can perform 
> better or the same if you are using raid0/raid1/raid1+0 arrays. If you 
> are using raid5/6 arrays, the most disks are involved, the better 
> hardware raid (those with sufficient processing power and cache - a long 
> time ago software raid 5 beat the pants of hardware raid cards based on 
> Intel i960 chips) will perform.
>   

not if you're doing committed random writes such as a transactional 
database server... this is where a 'true' hardware raid controller with 
significant battery backed write cache will blow the doors off your 
software raid.




Re: [CentOS] how to debug random server reboots

2009-06-02 Thread Les Mikesell
Frank Cox wrote:
> 
>> So, I'm trying todo everything I can, from my side, via SSH to see if
>> I can figure it out.
> 
> If it's a hardware-related issue, as Scott suggested, you can spend all the
> time you want fiddling around with the software and you'll never solve the
> problem.

Yes, you'll almost certainly end up swapping it out anyway, either all 
at once or piecemeal (power supply, memory, motherboard, etc.).  It's 
probably not worth the time to try to diagnose it.  Working hardware 
should stay up for years.

-- 
   Les Mikesell
lesmikes...@gmail.com




[CentOS] Local Host Routing

2009-06-02 Thread Al Sparks

I have a machine running RHEL ES 4.7 with 2 physical interfaces.

  eth0      Link encap:Ethernet  HWaddr 00:14:22:1C:B4:EA
            inet addr:10.7.13.61  Bcast:10.7.13.255  Mask:255.255.255.0
            inet6 addr: fe80::214:22ff:fe1c:b4ea/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:590936429 errors:0 dropped:0 overruns:0 frame:0
            TX packets:590246457 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:361946964 (345.1 MiB)  TX bytes:3358327885 (3.1 GiB)

  eth1      Link encap:Ethernet  HWaddr 00:14:22:1C:B4:EB
            inet addr:10.254.214.16  Bcast:10.254.214.255  Mask:255.255.255.0
            inet6 addr: fe80::214:22ff:fe1c:b4eb/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:423509 errors:0 dropped:0 overruns:0 frame:0
            TX packets:19440 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:35948215 (34.2 MiB)  TX bytes:2850651 (2.7 MiB)

  lo        Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0
            inet6 addr: ::1/128 Scope:Host
            UP LOOPBACK RUNNING  MTU:16436  Metric:1
            RX packets:115612666 errors:0 dropped:0 overruns:0 frame:0
            TX packets:115612666 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:96931918 (92.4 MiB)  TX bytes:96931918 (92.4 MiB)

By default both interfaces route through the default gateway.

  $ route -n
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  10.7.13.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
  10.254.214.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
  0.0.0.0         10.7.13.1       0.0.0.0         UG    0      0        0 eth0

The LAN, 10.254.214.0/24 that eth1 is a part of, is configured to not
route at all.  (Actually it's a VLAN, if that's germane).  However,
when I remove the route entry with:

   # route del -net 10.254.214.0 netmask 255.255.255.0

I lose connectivity with the nodes on the LAN.  When I do an 
$ nmap -sP 10.254.214.0/24

the only thing that shows up is
 Host 10.254.214.16 appears to be up
which is the IP address of eth1.

I shouldn't need a routing gateway to reach these devices.  In
addition, even when the routing entry is there (or not) a ping from
eth1
$ ping -I eth1 10.7.13.1

gives me destination unreachable, so the entry is pointless.  BTW,
$ ping -I eth0 10.7.13.1

works fine as it should.

I guess it's not a big deal.  If it works don't fix it.  But I'm still curious.
Any ideas?
=== Al


Re: [CentOS] Local Host Routing

2009-06-02 Thread Stephen Harris
On Tue, Jun 02, 2009 at 04:31:11PM -0700, Al Sparks wrote:

>   $ route -n
>   Kernel IP routing table
>   Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>   10.7.13.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
>   10.254.214.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
>   0.0.0.0         10.7.13.1       0.0.0.0         UG    0      0        0 eth0
> 
># route del -net 10.254.214.0 netmask 255.255.255.0
> 
> I lose connectivity with the nodes on the LAN.  When I do an 

Of course you do.  That entry you removed was saying "to reach the
10.254.214.0/255.255.255.0 network send traffic out of eth1".  

It is _not_ saying "to reach the rest of the world..."; the last line does
that.

> I guess it's not a big deal.  If it works don't fix it.  But I'm still 
> curious.
> Any ideas?

It works as designed.  You just misunderstood what it meant.

-- 

rgds
Stephen
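
An added example, not part of the thread: the route selection described in this reply, modelled as a longest-prefix match over the three entries from the posted `route -n` output. The function names and the probe address 10.254.214.20 are made up for the illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway iface")

# The routing table as posted: (Destination, Genmask, Gateway, Iface)
POSTED_ROUTES = [
    ("10.7.13.0", "255.255.255.0", "0.0.0.0", "eth0"),
    ("10.254.214.0", "255.255.255.0", "0.0.0.0", "eth1"),
    ("0.0.0.0", "0.0.0.0", "10.7.13.1", "eth0"),
]

NO_GATEWAY = ipaddress.ip_address("0.0.0.0")


def build_table(rows):
    """Turn route -n style rows into Route tuples."""
    return [
        Route(ipaddress.ip_network(dest + "/" + mask), ipaddress.ip_address(gw), iface)
        for dest, mask, gw, iface in rows
    ]


def delete_route(table, dest, mask):
    """Model of 'route del -net DEST netmask MASK': drop the matching entry."""
    target = ipaddress.ip_network(dest + "/" + mask)
    return [r for r in table if r.network != target]


def lookup(table, dest):
    """Pick the most specific route that contains dest (longest prefix wins)."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None  # "Network is unreachable"
    best = max(candidates, key=lambda r: r.network.prefixlen)
    on_link = best.gateway == NO_GATEWAY
    return {
        "route": str(best.network),
        "iface": best.iface,
        # Gateway 0.0.0.0 means "directly attached": resolve the target itself
        # on that interface instead of handing the packet to a router.
        "next_hop": dest if on_link else str(best.gateway),
        "on_link": on_link,
    }


if __name__ == "__main__":
    table = build_table(POSTED_ROUTES)
    probe = "10.254.214.20"  # hypothetical node on the eth1 LAN
    print("before:", lookup(table, probe))
    trimmed = delete_route(table, "10.254.214.0", "255.255.255.0")
    print("after: ", lookup(trimmed, probe))
```

With the 10.254.214.0 entry gone, the only match left for a node on that LAN is the default route, so the packet is sent to 10.7.13.1 through eth0 and never reaches the eth1 segment.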


Re: [CentOS] release/update question

2009-06-02 Thread jim
On Tue, 2 Jun 2009, Ralph Angenendt wrote:

> Radu-Cristian FOTESCU wrote:
>> AFAIK, this never happened. Is the 5.x.z tree concept dead-before-birth?!
>
> For CentOS: Yes.
>
> For Upstream: Ask Red Hat.
>
> Ralph
>

I have asked RHT repeatedly to walk me through the life of a package
version.  Nothing.

Jim Wildman


Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread nate
Chan Chung Hang Christopher wrote:
> Complete bollocks. The bottleneck is not the drives themselves as
> whether it is SATA/PATA disk drive performance has not changed much
> which is why 15k RPM disks are still king. The bottleneck is the bus be
> it PCI-X or PCIe 16x/8x/4x or at least the latencies involved due to bus
> traffic.

In most cases the bottleneck is the drives themselves, there are
only so many I/O requests per second a drive can handle. Most workloads
are random, rather than sequential, so the amount of data you can
pull from a particular drive can be very low depending on what
your workload is.

Taking a random drive from my storage array(which evenly distributes
I/O across every spindle in the system), a 7200RPM SATA-II
disk, over the past month has averaged:

Read IOPS: 24
Write IOPS: 10
Read KBytes/second: 861
Write KBytes/second: 468
Read I/O size: 37 kB
Write I/O size: 50 kB
Read Service time: 23 milliseconds
Write Service time: 47 milliseconds

Averaging the I/O size out to 43.5kB, that means this disk can
sustain roughly 3,915 kilobytes per second(assuming 90 IOPS for
a 7200RPM SATA disk), though the service times would likely be
unacceptably high for any sort of real time application. Lower
the I/O size and you can get better response times, though you'll
get less data through the drive at the same time. On my
previously lower end storage array that I had at my last company
a 47 millisecond sustained write service time would have meant
outage in the databases, this newer higher end array is much
better at optimizing I/O than the lower end box was.

With 40 drives in a drive enclosure connected currently via
2x4Gbps (active/active) fiber channel point to point link,
that means the shelf of drives can run up to roughly
150MB/second out of the 1024MB/second available to it on the
link. System is upgradable to 4x4Gbps (active/active)
point to point fiber channel links per drive enclosure, I
can use SATA, 10k FC, or 15k FC in the drive cages, though
I determined that SATA would be more than enough for our
needs. The array controllers have a tested limit of about
1.6 gigabytes/second of throughput to the disks(and
corresponding throughput to the hosts), or 160,000 I/O requests
per second to the disks with 4 controllers(4 high performance
ASICs for data movement and 16 Xeon CPU cores for everything
else).

Fortunately the large caches(12GB per controller, mirrored with
another controller) on the array buffer the higher response
times on the disks resulting in host response times of
around 20 milliseconds for reads, and 0-5 milliseconds for
writes, which by most measures is excellent.

nate




Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread Christopher Chan
nate wrote:
> Chan Chung Hang Christopher wrote:
>   
>> Complete bollocks. The bottleneck is not the drives themselves as
>> whether it is SATA/PATA disk drive performance has not changed much
>> which is why 15k RPM disks are still king. The bottleneck is the bus be
>> it PCI-X or PCIe 16x/8x/4x or at least the latencies involved due to bus
>> traffic.
>> 
>
> In most cases the bottleneck is the drives themselves, there is
> only so many I/O requests per second a drive can handle. Most workloads
> are random, rather than sequential, so the amount of data you can
> pull from a particular drive can be very low depending on what
> your workload is.
>   
Which is true whether you are running hardware or software raid 0/1/1+0. 
However, when it comes to software raid, given enough disks, the 
bottleneck moves from the disk to the bus especially for raid5/6.
>
> Fortunately the large caches(12GB per controller, mirrored with
> another controller) on the array buffer the higher response
> times on the disks resulting in host response times of
> around 20 milliseconds for reads, and 0-5 milliseconds for
> writes, which by most measures is excellent.
>
>   

Haha, yeah, if you have such large scale setups, nobody would compare 
software raid.


Re: [CentOS] Harware vs Kernel RAID (was Re: External SATA enclosures: SiI3124 and CentOS 5?)

2009-06-02 Thread Christopher Chan
John R Pierce wrote:
> Chan Chung Hang Christopher wrote:
>   
>>> I've read a lot of different reports that suggest at this point in time, 
>>> kernel software raid is in most cases better than controller raid.
>>>   
>>> 
>>>   
>> Let me define 'most cases' for you. Linux software raid can perform 
>> better or the same if you are using raid0/raid1/raid1+0 arrays. If you 
>> are using raid5/6 arrays, the most disks are involved, the better 
>> hardware raid (those with sufficient processing power and cache - a long 
>> time ago software raid 5 beat the pants of hardware raid cards based on 
>> Intel i960 chips) will perform.
>>   
>> 
>
> not if you're doing committed random writes such as a transactional 
> database server... this is where a 'true' hardware raid controller with 
> significant battery backed write cache will blow the doors off your 
> software raid.
>
>
>   


See my reply to nate. If you are using boards with 12GB of cache, 
software raid is not even on the radar.


Re: [CentOS] Not received any E-MAIl from listserve???

2009-06-02 Thread Bart Schaefer
Yahoo has been having internal problems with a recent change to their
spam filter.  It's randomly [*] reporting IP addresses as being listed
on the Spamhaus blocklist (when those IPs are not listed), and
therefore incorrectly rejecting mail in unpredictable ways.  This has
been going on for almost two weeks; they've claimed a couple of times
to have fixed it, but each time it has come back soon thereafter.

[*] Or so it appears from outside.

2009/6/2 mcclnx mcc :
>
>
> I have been a while did NOT received E-MAIL from "centos" listserv.  Any 
> problem on CENTOS listserv?


[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Linux Advocate

Guys, apache cpu usage is hitting 100% sometimes (to such an extent that it's
very noticeable) on a box with just 8 users or so.

I'm getting this when I run 'top'. The worrying thing is seeing the word
'atack' under command


  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
23119 apache    15   0   964  556  472 S  0.7  0.0   0:03.68 atack
23479 apache    15   0   964  556  472 S  0.7  0.0   0:01.94 atack
22170 apache    15   0   964  560  472 S  0.3  0.0   0:05.23 atack
22375 apache    15   0   964  560  472 S  0.3  0.0   0:04.21 atack
22858 apache    15   0   964  560  472 S  0.3  0.0   0:02.87 atack
22997 apache    15   0   964  560  472 S  0.3  0.0   0:04.11 atack
22999 apache    15   0   964  560  472 S  0.3  0.0   0:02.22 atack
23007 apache    15   0   964  560  472 S  0.3  0.0   0:03.79 atack
23099 apache    15   0   964  556  472 S  0.3  0.0   0:02.18 atack
23101 apache    15   0   964  556  472 S  0.3  0.0   0:02.48 atack
23108 apache    15   0   964  556  472 S  0.3  0.0   0:03.59 atack
23109 apache    15   0   964  556  472 S  0.3  0.0   0:02.75 atack
23112 apache    15   0   972  504  412 S  0.3  0.0   0:04.70 atack
23115 apache    15   0   964  556  472 S  0.3  0.0   0:03.75 atack
23116 apache    15   0   964  556  472 S  0.3  0.0   0:02.80 atack
23121 apache    15   0   972  504  412 S  0.3  0.0   0:03.79 atack
23384 apache    15   0   964  556  472 S  0.3  0.0   0:01.63 atack
23389 apache    15   0   964  556  472 S  0.3  0.0   0:03.52 atack
23392 apache    15   0   964  556  472 S  0.3  0.0   0:01.61 atack
23397 apache    15   0   964  556  472 S  0.3  0.0   0:01.62 atack
23405 apache    15   0   964  556  472 S  0.3  0.0   0:03.64 atack

When I 'ps -ef' I can see many lines as below;

apache   24253 23378  0 10:54 ?        00:00:00 ./atack 100
apache   24286 23378  0 10:59 ?        00:00:00 ./atack 100
apache   24292 23378  0 11:00 ?        00:00:01 ./atack 100
apache   24335 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24344 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24347 23378  0 11:02 ?        00:00:00 ./atack 100
apache   24358 23378  0 11:04 ?        00:00:00 ./atack 100


Hell, has my centos 5.3 box  been hacked??? Help  !!


  


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Linux Advocate

sorry typos amended





Guys, apache's cpu usage is hitting 100% sometimes (to such an extent that it's
very noticeable) on a box (2gb ram) with just 8 users or so. This never
happened before.

I'm getting this when I run 'top'. The worrying thing is seeing the word
'atack' under command


  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
23119 apache    15   0   964  556  472 S  0.7  0.0   0:03.68 atack
23479 apache    15   0   964  556  472 S  0.7  0.0   0:01.94 atack
22170 apache    15   0   964  560  472 S  0.3  0.0   0:05.23 atack
22375 apache    15   0   964  560  472 S  0.3  0.0   0:04.21 atack
22858 apache    15   0   964  560  472 S  0.3  0.0   0:02.87 atack
22997 apache    15   0   964  560  472 S  0.3  0.0   0:04.11 atack
22999 apache    15   0   964  560  472 S  0.3  0.0   0:02.22 atack
23007 apache    15   0   964  560  472 S  0.3  0.0   0:03.79 atack
23099 apache    15   0   964  556  472 S  0.3  0.0   0:02.18 atack
23101 apache    15   0   964  556  472 S  0.3  0.0   0:02.48 atack
23108 apache    15   0   964  556  472 S  0.3  0.0   0:03.59 atack
23109 apache    15   0   964  556  472 S  0.3  0.0   0:02.75 atack
23112 apache    15   0   972  504  412 S  0.3  0.0   0:04.70 atack
23115 apache    15   0   964  556  472 S  0.3  0.0   0:03.75 atack
23116 apache    15   0   964  556  472 S  0.3  0.0   0:02.80 atack
23121 apache    15   0   972  504  412 S  0.3  0.0   0:03.79 atack
23384 apache    15   0   964  556  472 S  0.3  0.0   0:01.63 atack
23389 apache    15   0   964  556  472 S  0.3  0.0   0:03.52 atack
23392 apache    15   0   964  556  472 S  0.3  0.0   0:01.61 atack
23397 apache    15   0   964  556  472 S  0.3  0.0   0:01.62 atack
23405 apache    15   0   964  556  472 S  0.3  0.0   0:03.64 atack

When I 'ps -ef' I can see many lines as below;

apache   24253 23378  0 10:54 ?        00:00:00 ./atack 100
apache   24286 23378  0 10:59 ?        00:00:00 ./atack 100
apache   24292 23378  0 11:00 ?        00:00:01 ./atack 100
apache   24335 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24344 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24347 23378  0 11:02 ?        00:00:00 ./atack 100
apache   24358 23378  0 11:04 ?        00:00:00 ./atack 100


Hell, has my centos 5.3 box  been hacked??? Help  !!


  


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread John R. Dennison
On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
> 
> Hell, has my centos 5.3 box  been hacked??? Help  !!

Yes.  Reinstall; fully update components; restore *data*
from backups (you have backups, right?) and review what
web packages you have installed and make sure those are
fully updated also.

Your box is compromised.  You have no way to gauge the
severity, so treat it as both a lost cause; nothing on
it can be trusted at this point.




John

-- 
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.

"My other computer is your windows box."
 Ralf Hildebrandt
 trying to play sturgeon while it's under attack is apparently not fun.




Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread William Warren
John R. Dennison wrote:
> On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
>   
>> Hell, has my centos 5.3 box  been hacked??? Help  !!
>> 
>
>   Yes.  Reinstall; fully update components; restore *data*
>   from backups (you have backups, right?) and review what
>   web packages you have installed and make sure those are
>   fully updated also.
>
>   Your box is compromised.  You have no way to gauge the
>   severity, so treat it as both a lost cause; nothing on
>   it can be trusted at this point.
>
>
>
>
>   John
some google foo shows this is a WINDOWS exploit not a linux one.

http://www.linuxquestions.org/questions/slackware-14/analyzing-apache-logs-174552/


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread William Warren
John R. Dennison wrote:
> On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
>   
>> Hell, has my centos 5.3 box  been hacked??? Help  !!
>> 
>
>   Yes.  Reinstall; fully update components; restore *data*
>   from backups (you have backups, right?) and review what
>   web packages you have installed and make sure those are
>   fully updated also.
>
>   Your box is compromised.  You have no way to gauge the
>   severity, so treat it as both a lost cause; nothing on
>   it can be trusted at this point.
>
>
>
>
>   John
http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2004-05/0202.html


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Linux Advocate




> >  
> some google foo shows this is a WINDOWS exploit not a linux one.
> 
> http://www.linuxquestions.org/questions/slackware-14/analyzing-apache-logs-174552/

yes, william, i saw those links when i googled. i too did not think it related 
to me because i am on a centos box...



  


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Linux Advocate

reply below



- Original Message 
> From: John R. Dennison 
> To: CentOS mailing list 
> Sent: Wednesday, June 3, 2009 11:43:46 AM
> Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
> 
> On Tue, Jun 02, 2009 at 08:23:16PM -0700, Linux Advocate wrote:
> > 
> > Hell, has my centos 5.3 box  been hacked??? Help  !!
> 
> Yes.  Reinstall; fully update components; restore *data*
> from backups (you have backups, right?) and review what
> web packages you have installed and make sure those are
> fully updated also.
> 
> Your box is compromised.  You have no way to gauge the
> severity, so treat it as both a lost cause; nothing on
> it can be trusted at this point.


o  godd.

i have a quite a few linux boxes and not even one has been hacked. oh man 
!!

really??? i have to format the box.


  


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Neil Aggarwal
Hello:

If there are processes running on your machine 
which you do not recognize, assume the machine has
been compromised.  Take it offline and wipe it
immediately.

Neil

--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.  



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Neil Aggarwal

> i have a quite a few linux boxes and not even one has been 
> hacked. oh man !!

Consider yourself lucky that you have not had it
happen in the past.  Nothing is 100% secure.

> really??? i have to format the box.

Yes, you do.

Neil



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread John R. Dennison
On Tue, Jun 02, 2009 at 11:48:11PM -0400, William Warren wrote:
>
> some google foo shows this is a WINDOWS exploit not a linux one.
> 
> http://www.linuxquestions.org/questions/slackware-14/analyzing-apache-logs-174552/

Um, perhaps I am just missing something but I don't see any
relation of that forum thread (dating from '03 I might add) to
the issue that the original poster has.




John



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread John R. Dennison
On Tue, Jun 02, 2009 at 09:01:35PM -0700, Linux Advocate wrote:
> 
> o  godd.
> 
> i have a quite a few linux boxes and not even one has been hacked. oh man 
> !!

That you have noticed.

> really??? i have to format the box.

Yes, it would be extremely irresponsible for you to allow that
box to remain connected to the 'net.  It's been compromised
and as such it's a rogue server.




John



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread bruce
it's possible your box is attacked, has been compromised.. or it's possible
that it's also being slammed by some sort of potential attack/hack.
regarding the apache app, what do the log files say... what apps do you have
running on the apache server? are these apps home grown, or installed from
some public source?

do the research online to see what kind of attack you might have...

it might be that your box is completely safe...

you might also track/monitor any kind of attempt at the box communicating
with other ip addresses that you aren't using

doing a complete reinstall is a draconian measure and may not be called
for...

your mileage might vary...




Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread John R. Dennison
On Tue, Jun 02, 2009 at 09:34:55PM -0700, bruce wrote:
> it's possible your box is attacked, has been compromised.. of it's possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you have
> running on the apche server? are these apps home grown, or installed from
> some public source?

He has multiple occurrences of a process named "atack", each
running with an argument of 100.  Looks like a DoS to me.

> do the research online to see what kind of attack you might have...

It's irrelevant except as a learning exercise in forensics.

> it might be that your box is completely safe...

You're kidding, right?

> you might also track/monitor any kind of attempt at the box communicating
> with other ip addresses that you aren't using

The longer that box stays on the net the more potential damage
it can (and most likely *will* do).

> doing a complete reinstall is a draconian measure and may not be called
> for...

You're kidding, right?





John



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread bruce
nope...

not kidding... the majority of windows based attacks on an apache system
running on linux systems are obnoxious, but not harmful... the kinds of
attacks that are looking to exploit windows buffer overflows are harmless to
linux systems..

this isn't to say that all windows attacks are harmless, but this has been
my experience, as well as what i've seen in the lit.

if you have other information regarding windows attacks on webservers, that
also impact linux boxes, please share the relevant websites, describing the
attack vectors.. i'd be interested in checking out the articles as would
others...

but go ahead and reply to me online, as others might be interested in this
thread as well...




Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Raymond Lillard
bruce wrote:
> it's possible your box is attacked, has been compromised.. of it's possible
> that it's also being slammed by some sort of potential attack/hack.
> regarding the apache app, what do the log files say... what apps do you have
> running on the apche server? are these apps home grown, or installed from
> some public source?
> 
> do the research online to see what kind of attack you might have...
> 
> it might be that your box is completely safe...
> 
> you might also track/monitor any kind of attempt at the box communicating
> with other ip addresses that you aren't using
> 
> doing a complete reinstall is a draconian measure and may not be called
> for...
> 
> your mileage might vary...
> 
> 
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org]on
> Behalf Of Linux Advocate
> Sent: Tuesday, June 02, 2009 8:23 PM
> To: CentOS mailing list
> Subject: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell
> 
> 
> 
> Guys, apache cpus usage is hitting 100% sometimes ( to such an extent that
> its very noticeable)  on a box with just 8 users or so.
> 
> i m getting this when i run 'top'. The worrying thing is seeing the work
> 'atack' under command
> 
> 
> PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 23119 apache15   0   964  556  472 S  0.7  0.0   0:03.68 atack
> 23479 apache15   0   964  556  472 S  0.7  0.0   0:01.94 atack
> 22170 apache15   0   964  560  472 S  0.3  0.0   0:05.23 atack

If you haven't, please take the damn box off-line *now* in the
interest of good netizenship.  Do whatever forensics seem prudent,
off-line.  At this point, nobody knows what is happening and this
box needs to be offline until it is thoroughly secured.

The minimum forensics you need to do (or have done for you if
you need help) is to determine where the attack came from and
how it succeeded so you won't get caught with your knickers
around your ankles again.

As soon as the attack vector is known, close it down on your
other servers as quickly as you can.

Conventional wisdom is to cold load the compromised server
before returning it to service, because the bad guys often
leave multiple back doors.  Fixing the attack point is not
enough.

Regards,
Ray




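Added example, not part of any post in this thread: a triage pass over a saved `ps -ef` capture that lists every process owned by the web-server account that is not the web server itself, and groups the hits by parent PID so the next thing to examine is obvious. The account name `apache`, the allowed executable `/usr/sbin/httpd` and the function names are assumptions; the `./atack 100` rows follow the listing quoted in the thread and the httpd rows are constructed for contrast.

```shell
#!/bin/sh
# Triage a saved `ps -ef` capture: which processes run as the web-server
# account but are not the web server?

# Constructed sample capture. The "./atack 100" rows copy the shape quoted in
# the thread; the httpd rows are constructed so there is something legitimate
# to compare against.
write_sample() {
    cat > "$1" <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root      2101     1  0 Jun01 ?        00:00:02 /usr/sbin/httpd
apache    2150  2101  0 Jun01 ?        00:00:10 /usr/sbin/httpd
apache    2151  2101  0 Jun01 ?        00:00:09 /usr/sbin/httpd
apache   24253 23378  0 10:54 ?        00:00:00 ./atack 100
apache   24286 23378  0 10:59 ?        00:00:00 ./atack 100
apache   24292 23378  0 11:00 ?        00:00:01 ./atack 100
apache   24335 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24344 23378  0 11:01 ?        00:00:00 ./atack 100
apache   24347 23378  0 11:02 ?        00:00:00 ./atack 100
apache   24358 23378  0 11:04 ?        00:00:00 ./atack 100
EOF
}

# suspect_procs CAPTURE ACCOUNT ALLOWED_EXE
# Prints "PID PPID CMD" for every process owned by ACCOUNT whose executable
# (field 8 of `ps -ef`) is not ALLOWED_EXE. A single allowed path is an
# assumption; a site that runs CGI helpers or piped loggers as the same
# account would extend the comparison.
suspect_procs() {
    awk -v user="$2" -v ok="$3" '
        NR == 1 && $1 == "UID" { next }            # skip the header row
        $1 == user && $8 != ok {
            cmd = $8
            for (i = 9; i <= NF; i++) cmd = cmd " " $i
            print $2, $3, cmd
        }' "$1"
}

# suspect_parents CAPTURE ACCOUNT ALLOWED_EXE
# Prints "PPID COUNT OWNER EXE" for each parent of a suspect process, or
# "PPID COUNT not-in-capture" when the parent is missing from the listing,
# which means the capture was partial or the parent has already exited.
suspect_parents() {
    awk -v user="$2" -v ok="$3" '
        NR == 1 && $1 == "UID" { next }
        { seen[$2] = $1 " " $8 }                   # remember every PID in the capture
        $1 == user && $8 != ok { n[$3]++ }         # count suspects per parent
        END {
            for (p in n)
                printf "%s %d %s\n", p, n[p], (p in seen) ? seen[p] : "not-in-capture"
        }' "$1" | sort -n
}

capture=$(mktemp)
write_sample "$capture"
echo "Suspect processes (PID PPID CMD):"
suspect_procs "$capture" apache /usr/sbin/httpd
echo "Parents of suspect processes (PPID COUNT OWNER EXE):"
suspect_parents "$capture" apache /usr/sbin/httpd
rm -f "$capture"
```

On a compromised host the `ps` binary and the names processes report can both be altered, so an empty result from this check proves nothing; a hit, as in the thread, is enough to act on.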


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Neil Aggarwal
Bruce:

I think you are misunderstanding something.
He showed a process listing of processes running
on his server.  Those were not apache processes
being attacked from the outside.  They were rogue
processes running on his machine.

Neil



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread John R. Dennison
On Tue, Jun 02, 2009 at 09:48:41PM -0700, bruce wrote:
> 
> not kidding... the majority of windows based attacks on an apache system
> running on linux systems are obnoxiousm but not harmful... the kinds of
> attacks that are looking to exploit windows buffer overflows are harmless to
> linux systems..
> 
> this isn't to say that all windows attacks are harmless, but this has been
> my experience, as well as what i've seen in the lit.
> 
> if you have other information regarding windows attaks on webservers, that
> also impact linux boxes, please share the relevant websites, describing the
> attack vectors.. i'd be interested in checking out the articles as would
> others...

Not to be rude but what are you rambling on about?

He's running an apache instance on cent5.  He has processes he
can not readily identify running under apache named "atack";
where does "windows" come into the equation?  What the processes
are specifically doing is secondary to the problem at hand,
which is that the processes exist in the first place.

Please, enlighten me as to how you can think that his box has
not been compromised.  Please, enlighten me as to how he (or
you) can gauge the extent of the compromise (assuming no HIDS
in use on the server).

I stand by my previous advice - the box is compromised, can not
be trusted, and as a responsible admin he should be working on
re-installing it, evaluating what web-apps he had running that
led to this in the first place and taking the appropriate steps
to ensure it does not happen again.





John



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread bruce
neil...

the ps he showed, showed the 'atack' processes being run by the apache
user...

i'm inclined to agree that he should take the machine offline, but i don't
know what the 'atack' processes are, and unless his system is really f*ed
up.. i'm inclined to think the process is something on his server...

now, how it got there is a curious issue that he's going to have to
address..

but this is why i specifically asked the kinds of web apps he's running on
his server...





Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread bruce
you and i agree on him figuring out what web apps are causing the issues..
or in fact, exactly what the 'atack' process is?  i didn't see the initial
threads.. was this something that he discussed? did he say what the atack
process was doing?

my only point, was that reinstalling without understanding what was/is going
on is a draconian step.. does it resolve the issue.. sure.. does it get to
what might have been the cause.. not in my opinion...

but hey.. there are different ways of approaching a problem...



-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org]on
Behalf Of John R. Dennison
Sent: Tuesday, June 02, 2009 10:10 PM
To: CentOS mailing list
Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell


On Tue, Jun 02, 2009 at 09:48:41PM -0700, bruce wrote:
>
> not kidding... the majority of windows based attacks on an apache system
> running on linux systems are obnoxious, but not harmful... the kinds of
> attacks that are looking to exploit windows buffer overflows are harmless
> to linux systems..
>
> this isn't to say that all windows attacks are harmless, but this has been
> my experience, as well as what i've seen in the lit.
>
> if you have other information regarding windows attacks on webservers, that
> also impact linux boxes, please share the relevant websites, describing
> the attack vectors.. i'd be interested in checking out the articles as would
> others...

Not to be rude but what are you rambling on about?

He's running an apache instance on cent5.  He has processes he
can not readily identify running under apache named "atack";
where does "windows" come into the equation?  What the processes
are specifically doing is secondary to the problem at hand,
which is that the processes exist in the first place.

Please, enlighten me as to how you can think that his box has
not been compromised.  Please, enlighten me as to how he (or
you) can gauge the extent of the compromise (assuming no HIDS
in use on the server).

I stand by my previous advice - the box is compromised, can not
be trusted, and as a responsible admin he should be working on
re-installing it, evaluating what web-apps he had running that
led to this in the first place and taking the appropriate steps
to ensure it does not happen again.





John

--
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.

"My other computer is your windows box."
 Ralf Hildebrandt
 trying to play sturgeon while it's under attack is apparently not fun.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Neil Aggarwal
Bruce:

> i'm inclined to think the process is something on his server...
> 
> now, how it got there is a curious issue that he's going to have to
> address..

This is precisely the point.  An unauthorized user currently 
has the ability to run processes on the machine.  We do
not know what they have already done or will do to the machine.
We have to assume the entire machine is suspect and therefore
it needs to be wiped.

Neil


--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.  

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread bruce
neil...

you state that "..An unauthorized user currently has the ability to run
processes on the machine"

how do we know that.. did i miss something in an earlier thread.. don't get
me wrong, you might know more on this thread than the few msgs i saw... all i
saw was that there was the 'atack' process being run...

do we know how it got there?

did he say he didn't know what the hell the process was and that he didn't
put it there? also, did he ever say if he was the only one to put things on
the box.. (ie, a friend of his didn't put it there..  )

as an aside? did he say if he even looked on the net for anything related to
this??

-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org]on
Behalf Of Neil Aggarwal
Sent: Tuesday, June 02, 2009 10:21 PM
To: 'CentOS mailing list'
Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell


Bruce:

> i'm inclined to think the process is something on his server...
>
> now, how it got there is a curious issue that he's going to have to
> address..

This is precisely the point.  An unauthorized user currently
has the ability to run processes on the machine.  We do
not know what they have already done or will do to the machine.
We have to assume the entire machine is suspect and therefore
it needs to be wiped.

Neil


--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Neil Aggarwal
Bruce:

> my only point, was that reinstalling without understanding
> what was/is going on is a draconian step.. does it resolve
> the issue.. sure.. does it get to what might have been the
> cause.. not in my opinion...

This point seems valid.  

If you do not understand why and how the machine was
compromised, there is no way to be sure a reinstall
will plug the security hole.

The reality of the matter is that it is extremely
unlikely that he could figure out precisely how
the machine was compromised.  There is just not going
to be a smoking gun that says the hacker did A, B,
and C and got in.

It would be prudent to review his web code to see
if he did something in an insecure way.  If his code
is open to attack, it will be so even if he puts it
on a new machine.

Neil

--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.  

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Neil Aggarwal
Bruce:

> you state that "..An unauthorized user currently has the
> ability to run processes on the machine"
>
> how do we know that..

The original poster stated he did know how what 
the process was.  He stated he believed the machine
was being attacked.  He asked for advice from the
community on how to handle the situation.

The original poster's statements imply it was not put
there by an authorized user.  Someone does not just
casually assume a machine has been hacked.  They
have a reason for suspecting it.

Neil

--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.  

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread John R. Dennison
On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
> 
> It would be prudent to review his web code to see
> if he did something in an insecure way.  If his code
> is open to attack, it will be so even if he puts it
> on a new machine.

Hence my statements to evaluate the web-apps he has running :)

I will bet dollars to donuts he had a web app with a known issue
that was not patched.  Also goes back to my previous statement
of fully patching.




John

-- 
"I'm sorry but our engineers do not have phones."
As stated by a Network Solutions Customer Service representative when asked to
be put through to an engineer.

"My other computer is your windows box."
 Ralf Hildebrandt
 trying to play sturgeon while it's under attack is apparently not fun.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread JohnS

On Wed, 2009-06-03 at 00:46 -0500, John R. Dennison wrote:
> On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
> > 
> > It would be prudent to review his web code to see
> > if he did something in an insecure way.  If his code
> > is open to attack, it will be so even if he puts it
> > on a new machine.
> 
>   Hence my statements to evaluate the web-apps he has running :)
> 
>   I will bet dollars to donuts he had a web app with a known issue
>   that was not patched.  Also goes back to my previous statement
>   of fully patching.
> 
---
Dollars to Donuts ehhh???
How many donuts you think it will take to pay for legal costs and clean
up if there are customer data on the machine? I think right about now I
would:
1. Notify Risk Management and Your Compliancy Officer.
2. Take it off the network connections.
3. Do a live rsync and dd image + ram copy = running processes/hidden.
4. Same as 3. but with the machine off.
5. The company attorney needs to be notified.
6. By State and Federal Law in the US you have so many days to report
incidents like this to users (customers) and law enforcement.

JohnStanley

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] CentOS 5.3 SuperMicro x7sbi AHCI

2009-06-02 Thread Ron Lorah
Greetings,

Wondering if anyone could assist with this. I have many SuperMicro 5015B-MTB
servers. These all have the X7SBi Motherboards. After upgrading to CentOS 5.3
the Hard Drive LED's on some of the servers started blinking red (drive fail)
but all is functioning normally. All servers are running raid 1 arrays with
MDADM. Primary drive does not blink, but all others do including spares. These
boards use the Intel ICH9R chipset. AHCI is enabled. When AHCI is disabled,
drives stop blinking, but drives are then detected as hda, hdb, etc. and
server takes a huge performance hit.

All Servers have Western Digital SATAII 320G RE2 Drives.

So far:
I have reloaded Kernels
Tried CentOS plus Kernels
Flashed the Bios
Replaced Backplane

The funny thing is, not all servers are affected. If anyone has any ideas or
could just point me in the right direction, it would be extremely appreciated.
It's an annoyance more than anything else.

Thx,

~Ron
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

2009-06-02 Thread Ian Forde
On Wed, 2009-06-03 at 01:57 -0400, JohnS wrote:
> On Wed, 2009-06-03 at 00:46 -0500, John R. Dennison wrote:
> > On Wed, Jun 03, 2009 at 12:30:10AM -0500, Neil Aggarwal wrote:
> > > 
> > > It would be prudent to review his web code to see
> > > if he did something in an insecure way.  If his code
> > > is open to attack, it will be so even if he puts it
> > > on a new machine.
> > 
> > Hence my statements to evaluate the web-apps he has running :)
> > 
> > I will bet dollars to donuts he had a web app with a known issue
> > that was not patched.  Also goes back to my previous statement
> > of fully patching.
> > 
> ---
> Dollars to Donuts ehhh???
> How many donuts you think it will take to pay for legal costs and clean
> up if there are customer data on the machine? I think right about now I
> would:
> 1. Notify Risk Management and Your Compliancy Officer.
> 2. Take it off the network connections.
> 3. Do a live rsync and dd image + ram copy = running processes/hidden.
> 4. Same as 3. but with the machine off.
> 5. The company attorney needs to be notified.
> 6. By State and Federal Law in the US you have so many days to report
> incidents like this to users (customers) and law enforcement.

If, by step 4, you mean remove the drive[1], stick it into USB
enclosure, make a copy of it, then stick the original into a plastic bag
in full view of a witness[2] then give it to them, I agree
wholeheartedly[3].  I've been through this before and this is, IMHO[4] a
safer way to operate.

-I

[1] Assuming no RAID.  If you have RAID, you can go to a separate box
and make a live backup via:
goodhost# ssh badhost '(cat /dev/sda)' > badhost-sda.ddout
[2] Your manager or corporate counsel will do in this example.  Better
if it's both.
[3] This does *NOT* constitute legal advice.  Talk to your corporate
counsel before taking action, as this may constitute a criminal matter.
[4] See [3] above.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
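
Added example (not part of the original thread and not any poster's own code): the "make a copy of it" step discussed above, done so the copy can later be shown to match what was read. The function names and the custody-log format are assumptions; the source can be the removed drive in a USB enclosure or any readable file.

```shell
#!/bin/sh
# Added example; function names and the custody-log format are assumptions.

sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# acquire_image SRC IMG LOG [EXAMINER]
# SRC is the suspect drive (e.g. in a USB enclosure) or any readable file.
# Returns 0 only if the image on disk hashes to the value of the stream read.
acquire_image() {
    src=$1 img=$2 log=$3 who=${4:-unknown}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Never overwrite an earlier acquisition.
    if [ -e "$img" ]; then echo "$img exists, refusing" >&2; return 3; fi

    # Hash the bytes while they are written, so the source is read once.
    # POSIX sh has no pipefail, so a dd failure leaves a marker file.
    stream_hash=$( { dd if="$src" bs=65536 2>/dev/null || : > "$img.failed"; } |
        tee "$img" | sha256sum | awk '{print $1}')
    if [ -e "$img.failed" ]; then
        rm -f "$img.failed"
        echo "read error, partial image left in $img" >&2; return 4
    fi

    # Re-read what landed on disk and compare with the stream hash.
    image_hash=$(sha256_of "$img")
    [ "$stream_hash" = "$image_hash" ] || { echo "hash mismatch" >&2; return 5; }

    chmod 0444 "$img"
    # One record per acquisition: UTC time|examiner|source|image|sha256
    printf '%s|%s|%s|%s|%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$who" "$src" "$img" "$image_hash" >> "$log"
}

# verify_image IMG LOG
# Re-hash the image and compare with the latest log record for that path.
verify_image() {
    img=$1 log=$2
    recorded=$(awk -F'|' -v i="$img" '$4 == i { h = $5 } END { print h }' "$log")
    [ -n "$recorded" ] && [ "$recorded" = "$(sha256_of "$img")" ]
}
```

Running verify_image again before any analysis, and working only on a further copy, keeps the logged hash meaningful as evidence that the image has not changed since acquisition.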


Re: [CentOS] how to debug random server reboots

2009-06-02 Thread Rudi Ahlers
On 6/3/09, Scott Silva wrote:
> on 6-2-2009 2:46 PM Rudi Ahlers spake the following:
>> On 6/2/09, Scott Silva wrote:
>>> on 6-2-2009 2:30 PM Rudi Ahlers spake the following:
>>>> Hi all,
>>>>
>>>> One of our CentOS 5.3 randomly reboots, at different times of the day,
>>>> and I can't see why it's doing it.
>>>>
>>>> I have looked through the logs, but don't see anything in there that
>>>> shows me why it has rebooted. How can I debug this?
>>>>
>>>> Here's a snippet from the log, around the time of the reboot:
>>>>
>>>
>>> Random reboots can happen fast enough that nothing gets into the logs.
>>> You can try setting up a console and have the system post there. It
>>> sometimes catches things.
>>>
>>> But until then I would do the obvious... Make sure the system is clean
>>> and not overheating from "dust bunnies" filling up the chassis.
>>>
>>> Remove and re-seat all cards and ram. Make sure all fans are working. Run
>>> memtest overnight if possible. Look back to when the reboots started and
>>> see if something was added or upgraded.
>>>
>>
>> Hi Scott, the server is in the USA, and I'm in ZA. I've been trying to
>> get the IDC to look into the problem, but they're not very helpful and
>> reckon I need to check my software. I know the "server" runs desktop
>> hardware, so it could be a hardware problem, but they don't seem to
>> think so.
>>
>> So, I'm trying to do everything I can, from my side, via SSH to see if
>> I can figure it out.
>>
> Will the data center hang a serial port monitor on it for a while? Many of
> them will do it for free, or a few dollars a day, and give you remote access
> into it. Is it your server, or a lease/rental?
>


It's a rented server from a 3rd party who feels that it's not their
problem. Seems I need to get a new server, from someone else.


-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos